Wireshark mailing list archives
Re: Apply read filter while writing to file
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sat, 09 Mar 2013 23:23:31 +0100
So, do we elevate this to expected behaviour now and make corrections to the documentation regarding this?

Thanks,
Jaap

On 03/09/2013 12:18 AM, Jeff Morriss wrote:

Read filters haven't worked like this in quite a while (since 0.99.7). The bug:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234

... is listed in the "known problems" of each release since then.

It is possible to build a pipeline which will do the same thing, for example:

    % dumpcap -w - | tshark -R icmp -r - -w /tmp/foo.pcapng

Muhammad El-Sergani wrote:

Hello,

At the moment I'm using v1.4.2, I know it's not the latest, but had to have it after a recent switch upgrade.

Can't remember at the moment the older version I was using, but simply typing:

    # tethereal/tshark -i ethX -w trace.pcap -R 'sip.To contains 'xxxxxxx''

would work :)

Thanks
//M

On Thu, Mar 7, 2013 at 11:38 PM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

On 03/07/2013 11:27 AM, Muhammad El-Sergani wrote:
> Hello all,
>
> After a recent Wireshark update on one of our SIP servers, we are unable to
> apply a read filter while writing the capture file, but rather have to capture
> everything to a host, write that to a file then apply our read filters when
> reading from the file.
>
> This is hard to maintain as our SIP traffic is huge, and just capturing
> everything is unpractical.
>
> Is there a known/method/practice/script that can be used to allow users to apply
> a read filter to a trace session while writing the dump to a file?
>
> Everything is Linux based.
>
> Thanks
> in advance!
> //M
>

Hi,

Can you specify what a recent Wireshark update means? What version did you have before and what version do you have now?

Thanks,
Jaap